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(54) Communications terminal 

(57) In a communications terminal (3), a CPU (32) 
retrieves start-up data (112) from a server (1) using a 
Web browser (311), which is stored in a storage device 
(31). The CPU (32) performs data authentication with 
respect to authentication type data (1123) included in 



the start-up data (112). Then, when the authentication 
is succeeded, the CPU (32) follows the authenticati n 
type data (1123) so as to determine which authentica- 
tion mode is to be used for authenticating the application 
data. In this manner, the authentication mode for au- 
thenticating the application data can be easily changed. 
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Description 

BACKGROUND OF THE INVENTION 

Fi Id of the Invention 5 

[0001] The present Invention relates to communica- 
tions terminals and, more specifically, to communica- 
tions terminals which receive data for their internal start- 
up of applications, and perform data authentication as 
to the received data. 

Description of the Background Art 

[0002] In a conventional system structured by a serv- 
er and terminals, data is forwarded from the server to 
the corresponding terminal for application execution 
therein. For a game application, for example, the server 
may forward data including information about any other 
users and game settings to the corresponding terminal 
for its game play. Such data is continuously updated on 
the server side to be ready for a data request coming 
from the terminal side prior to game play, and thus the 
game data does not fall to be the latest. 
[0003] Such a system requires data authentication to 
see whether the data corning from the server has been 
tampered or not. The terminal thus accordingly goes 
through data authentication by digital signature, digital 
watermarking, or the like, to verify the identity of the da- 
ta, or the possibility of data tampering, for example. 
[0004] An exemplary system for verifying the authen- 
ticity of Web pages has been disclosed In Japanese Pat- 
ent Lald-Open Publication No. 2000-227757. Data au- 
thentication in this Publication is performed with respect 
to contents derived by the server using a Web browser. 
[0005] The issue here is, a program for data authen- 
tication is often incorporated in an application, or have 
some relevance to any specific application. That is, an 
application and a data authentication program have a 
one-to-one relationship, which is unalterably estab- 
lished. Thus, changing the authentication mode for any 
specific application means newly installing a program 
therefor. 

[0006] As such, in the conventional system for data 
authentication, changing authentication modes on an 
application basis has been very troublesome. What is 
worse, if the program is of a type incorporated in the 
application, the application has to be troublingly in- 
stalled also. 

SUMMARY OF THE INVENTION 

[0007] Therefore, an object of the present invention is 
to provide data authentication systems allowing easy 
chang ofauth ntication modes. ss 
[0008] The present invention has the following f a- 
tures to attain the object abov . 
[0009] A first aspect of the present invention is direct- 



ed to a communications t rminalf r transmitting/receiv- 
ing data to/from a server over a network, comprising: 

a data request section for making a data request for 
the s rver to forward start-up data which includes 
application data relating to start-up of an applica- 
tion, and authentication type data indicating an au- 
thentication mode for authenticating the application 
data; 

a data reception section for receiving the start-up 
data coming from the server in response to the data 
request; 

a first authentication section for authenticating th 
authentication type data received by the data recep- 
tion section under a predetermined authentication 
mode; 

a second authentication section for authenticating, 
corresponding to the first authentication section 
succeeding in authentication, the application data 
received by the data reception section under an au- 
thentication mode indicated by the authentication 
type data which has been done with authentication; . 
and 

an application start-up section for reading, corre- 
sponding to the second authentication section suc- 
ceeding in authentication, the application data 
which has been done with authentication, and start- 
ing up the application. 

[0010] As described above, in the first aspect, the 
server forwards th© authentication type data together 
with the application data. The authentication type data 
is then used by the communications terminal as th ba- 
sis for determining an authentication mode for the ap- 
plication data. Therefore, the authentication mode can 
be changed easily. 

[0011] Further, in the first aspect, the authenticati n 
type data has a possibility of data tampering as does the 
application data because those data are forwarded to- 
gether. If the authentication type data has been tam- 
pered, the application data cannot be correctly authen- 
ticated, allowing any unauthorized data possibly to be 
read into the application. In the first embodiment, how- 
ever, the authentication type data Is authenticated sep- 
arately from the application data. Therefore, if the au- 
thentication type data fails to be authenticated, the cor- 
responding application is not started up. In such a man- 
ner, even if the application data is not correctly authen- 
ticated due to data tampering done to the authentication 
type data, the corresponding application is prevent d 
from starting up due to any unauthorized data. 
[0012] According to a second aspect, in the first as- 
pect, the communication terminal further comprises an 
application information storage section for storing appli- 
cation informati n which indicates a corr spond nee 
betw en the application and the authenticati n mod 
us d for authenticating the application data relating to 
the application, wh rein 
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when the start-up data has none of the authenti- 
cation type data, the second authentication section d - 
temnines the authentication mode based on the applica- 
tion information. 

[0013] As d scribed above, in the second aspect, in 5 
response to no authentication type data coming from the 
s erver^ the communications terminal performs data au- 
thentication under a predetermined mode found In the 
application information. Therefore, if the authentication 
mode is not changed, the server has no need to forward 10 
the authentication type data, successfully reducing the 
data amount for transmission. The communications ter- 
minal has also a merit of being reduced in processing 
burden because there needs to go through the authen- 
tication process for only once if the authentication mode is 
is not changed. 

[001 4] According to a third aspect, in the first aspect, 
by designating the application data stored in the server 
using a Web browser, the data request section makes 
the data request for the application data. 20 
[001 5] As described above, in the third aspect, the da- 
ta request is easily made to the server through a user's 
simple operation, clicking (ink information using a Web 
browser, for example. Especially with the communica- 
tions terminal of a mobile type often having an input de- 25 
vice simple in structure, simple operation for making da- 
ta requests to the server is advantageous. 
[0016] A fourth aspect of the present invention is di- 
rected to a communications terminal for transmitting/re- 
ceiving data to/from a server over a network, compris- so 
ing: 

a data request section for making a data request for 
the server to forward start-up data which at least 
includes application data relating to execution of an 35 
application; 

a data reception section for receiving the start-up 
data coming from the server in response to the data 
request; 

an application information storage section for stor- *o 
ing application information which indicates a corre- 
spondence between the application and an authen- 
tication mode used for authenticating the applica- 
tion data relating to the application; 
an authentication section for authenticating the 
start-up data received by the data reception section 
under an authentication mode indicated by the ap- 
plication information; 

an application start-up section for reading, corre- 
sponding to the authentication section succeeding so 
in authentication, the application data which has 
been done with authentication, and starting up the 
application; and 

under a condition that the start-up data includes 
both the application data and authentication type ss 
data which indicates an authentication mode used 
for authenticating the application data, an applica- 
tion information update section f r updating, corr - 



sponding to the authentication section succeeding 
in authentication, the auth nticationmod in the ap- 
plication information stored in the application infor- 
mation storag section into the authentication mode 
indicated by th authentication type data which has 
been done with authentication. 

[00171 As described above, In the fourth aspect, the 
server forwards the authentication type data together 
with the application data. The communications terminal 
performs data authentication first in accordance with the 
application information which is previously stored, and 
when the authentication worked out, the application in- 
formation is correspondingly changed based on the au- 
thentication type data. Accordingly, by the time when the 
start-up data comes next, the authentication typ data 
will be changed in authentication mode. As such, the 
authentication mode can be easily changed by the au- 
thentication type data. 

[0018] A fifth aspect of the present invention is direct- 
ed to a network system including a server and a com- 
munications terminal for data transmission/reception 
therebetween over a network, wherein 
the server comprises: 

a start-up data storage section for storing start-up 
data which includes application data relating to ex- 
ecution of an application, and authentication type 
data indicating an authentication mode used for au- 
thenticating the application data; and 
a data transmission section for forwarding th start- 
up data stored in the start-up data storage section 
in response to a data request for the start-up data 
coming from the communications terminai, and 

the communications terminal comprises: 

a data request section for making the data request 
for the start-up data; 

a data reception section for receiving the start-up 
data coming from the server in response to the data 
request; 

a first authentication section for authenticating the 
authentication type data received by the data recep- 
tion section under a predetermined authentication 
mode; 

a second authentication section for authenticating, 
corresponding to the first authentication section 
succeeding in authentication, the application data 
received by the data reception section under the au- 
thentication mode indicated by the authentication 
type data which has been done with authentication; 
and 

an application start-up section for reading, corre- 
sp nding to th second authentication section suc- 
ceeding in authentication, the application data 
which has been done with authentication, and start- 
ing up the application. 
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[0019] A sixth aspect of the present invention is di- 
rected to a network system including a server and a 
communications terminal for data transmission/recep- 
tion ther between over a network, wherein 
the server comprises: 

a start-up data storage section for storing start-up 
data which at least Includes application data relat- 
ing to execution of an application; and 
a data transmission section for forwarding the start- 
up data stored in the start-up data storage section 
in response to a data request for the start-up data 
coming from the communications terminal, and 

the communications terminal comprises: 

a data request section for making the data request 
for the start-up data; 

a data reception section for receiving the start-up 
data coming from the server in response to the data 
request; 

an application information storage section for stor- 
ing application information which indicates a corre- 
spondence between the application and an authen- 
tication mode used for authenticating the applica- 
tion data relating to the application, 
an authentication section for authenticating the 
start-up data received by the data reception section 
under the authentication mode indicated by the ap- 
plication information; 

an application start-up section for reading, corre- 
sponding to the authentication section succeeding 
in authentication, the application data which has 
been done with authentication, and starting up the 
application; and 

under a condition that the start-up data includes 
both the application data and authentication type 
data which indicates an authentication mode used 
for authenticating the application data, an applica- 
tion information update section for updating, corre- 
sponding to the authentication section succeeding 
in authentication, the authentication mode in the ap- 
plication information stored in the application Infor- 
mation storagesection into the authentication mode 
indicated by the authentication type data which has 
been done with authentication. 

[0020] A seventh aspect of the present invention is di- 
rected to a program which is computer executable in a 
communications terminal fortransmitting/receiving data 
to/from a server over a network, the program compris- 
ing: 

a data request step of making a data request forthe 
server to forward start-up data which includes ap- 
plication data relating to start-up of an application, 
and authentication type data indicating an authen- 
tication mode for authenticating the application da- 



ta; 

a data reception step of receiving th start-up data 
coming from the server in response to the data re- 
quest; 

5 a first authentication step of authenticating the au- 
thentication type data received in the data reception 
step under a predetermined authentication mode; 
a second authentication step of authenticating, cor- 
responding to the first authentication step succeed- 
ing in authentication, the application data received 
in the data reception step under an authentication 
mode indicated by the authentication type data 
which has been done with authentication; and 
an application start-up step of reading, correspond- 
ing to the second authentication step succeeding in 
authentication, the application data which has been 
done with authentication, and starting up the appli- 
cation. 

[0021] An eighth aspect of the present invention is di- 
rected to a program which is computer executable in a 
communications terminal fortransmitting/receiving data 
to/from a server over a network, 

the communications terminal previously Includes 
application information which indicates a correspond- 
ence between an application and an authenticati n 
mode used for authenticating application data relating 
to the application, 

the program comprising: 

a data request step of making a data request forthe 
server to forward start-up data which at least In- 
cludes the application data relating to execution of 
the application; 

a data reception step of receiving the start-up data 
coming from the server in response to the data re- 
quest; 

an authentication step of authenticating the start-up 
data received in the data reception step und r the 
authentication mode indicated by the application in- 
formation; 

an application start-up step for reading, corre- 
sponding to the authentication step succeeding in 
authentication, the application data which has been 
done with authentication, and starting up the appli- 
cation; and 

under a condition that the start-up data includes 
both the application data and authentication type 
data which indicates an authentication mode used 
for authenticating the application data, an applica- 
tion information update step of updating, corre- 
sponding to the authentication step succeeding in 
authentication, the authentication mode in the ap- 
plication information which has been previously in- 
cluded into th authentication mode indicated by 
the authentication type data which has been done 
with authentication. 
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[0022] A ninth aspect of the present invention is di- 
rected to a data authentication m thod used in a com- 
munications terminal for transmitting/receiving data to/ 
from a s rver over a network, comprising: 

a data request step of making a data request for the 
server to forward start-up data which includes ap- 
plication data relating to start-up of an application, 
and authentication type data indicating an authen- 
tication mode for authenticating the application da- 
ta; 

a data reception step of receiving the start-up data 
coming from the server in response to the data re- 
quest; 

a first authentication step of authenticating the au- 
thentication type data received in the data reception 
step under a predetermined authentication mode; 
a second authentication step of authenticating, cor- 
responding to the first authentication step succeed- 
ing in authentication, the application data received 
in the data reception step under an authentication 
mode indicated by the authentication type data 
which has been done with authentication; and 
an application start-up step of reading, correspond- 
ing to the second authentication step succeeding in 
authentication, the application data which has been 
done with authentication, and starting up the appli- 
cation. 

[0023] A tenth aspect of the present invention is di- 
rected to a data authentication method used in a com- 
munications terminal for transmitting/receiving data to/ 
from a server over a network, 

the communications terminal previously includes 
application information which indicates a correspond- 
ence between an application and an authentication 
mode used for authenticating application data relating 
to the application, 

the method comprising: 

a data request step of making a data request for the 
server to forward start-up data which at least in- 
cludes the application data relating to execution of 
the application; 

a data reception step of receiving the start-up data 
coming from the server in response to the data re- 
quest; 

an authentication step of authenticating the start-up 
data received in the data reception step under the 
authentication mode indicated by the application in- 
formation; 

an application start-up step for reading, corre- 
sponding to the authentication step succeeding in 
authentication, the application data which has been 
done with authentication, and starting up the appli- 
cation; and 

under a condition that the start-up data includes 
both the application data and authentication type 



data which indicates an authentication mode used 
for authenticating the application data, an applica- 
tion information update step of updating, corre- 
sponding to th authentication step succeeding in 
authentication, th authentlcati n mode in th ap- 
plication information which has been previously in- 
cluded into the authentication mode indicated by 
the authentication type data which has been done 
with authentication. 

[0024] These and other objects, features, aspects 
and advantages of the present invention will become 
more apparent from the following detailed description of 
the present invention when taken in conjunction with the 
accompanying drawings. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0025] 

FIG. 1 is a block diagram showing the structure of 
a data authentication system according to one em- 
bodiment of the present invention; 
FIG. 2 is a block diagram showing the hardware 
structure of a server 1 of FIG. 1 ; 
FIG. 3 is a block diagram showing the hardware 
structure of a communications terminal 3 of FIG. 1 ; 
FIG. 4 is a flowchart of an application start-up proc- 
ess in the communications terminal 3 of FIG. 1 ; 
FIG. 5 is a flowchart of a sequence of processes 
performed by a CPU 12 of FIG. 2 responding to a 
data request; 

FIG. 6 shows exemplary start-up data in the embod- 
iment; 

FIG. 7 is a detailed flowchart of subroutine step 
S405 of FIG. 4; 

FIG. 8 is a detailed flowchart of subroutine step 
S407 of FIG. 4; 

FIG. 9 exemplarily shows an application information 
table of FIG. 3; 

FIG. 10 is a flowchart of a modified version of the 
application start-up process of FIG. 4; 
FIG. 11 is a flowchart of an application installment 
process in the communications terminal 3; and 
FIG. 1 2 exemplariiy shows install data 11 1 of FIG. 1 . 

DESCRIPTION OF THE PREFERRED EMBODIMENT 

[0026] In the below, described is one embodiment of 
the present invention by referring to the accompanying 
drawings. FIG. 1 is a block diagram showing the struc- 
ture of a data authentication system according to the 
embodiment of the present invention. In FIG. 1 , the data 
authentication system includes a server 1 , a network 2, 
and a communications terminai 3. The server 1 and the 
communications terminal 3 ar connected to each other 
via the network 2 for communications therebetween. 
Here, the network 2 may be either wired or wireless. 
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[0027] FIG. 2 is a block diagram showing the hard- 
ware structure of the server 1 of FIG. 1 . The server 1 is 
a so-called WWW (World Wide Webserver. As shown 
in FIG. 2, th server 1 is provided with a storage device 
11, a CPU 12, RAM 13, and a communications device 
14. 

[0028] The storage device 11 is composed of a hard 
disk drive, ROM, or the like, and stores Install data 111 
and start-up data 112, at least one piece of each. The 
install data 111 includes a program which is downloaded 
and installed by the communications terminal 3, and in- 
formation about the program. The start-up data 112 has 
some relevance to application start-up, and forwarded 
to the communications terminal 3 for its application start- 
up. The communications terminal 3 requests, for its ap- 
plication execution, the server 1 for the start-up data. 
[0029] For processing such a data request, the stor- 
age device 11 stores a program (data request program) 
113. Responding to any data request coming from the 
communications terminal 3, the start-up data 112 is for- 
warded thereto in accordance with the data request pro- 
gram 113. Here, the storage device 11 stores some oth- 
er programs required in the present embodiment. 
[0030] The CPU 12 executes the programs stored in 
the storage device 1 1 while using the RAM 1 3 as a work- 
ing area. The communications device 14 communicates 
with the communications terminals 3 over the network 2. 
[0031] FIG. 3 is a block diagram showing the hard- 
ware structure of the communications terminal 3 of FIG. 
1. As shown in FIG. 3, the communications terminal 3 
includes a storage device 31, a CPU 32, RAM 33, an 
input device 34, a display device 35, and a communica- 
tions device 36. 

[0032] The storage device 31 stores a Web browser 
31 1 , an application 312, an authentication program 31 3, 
an application start-up program 314, and an application 
information table 31 5. Here, stored in the storage device 
31 are not limited to those, and some other programs 
required in the present embodiment are also stored. 
[0033] The Web browser 311 is a program for retriev- 
ing contents from the server 1 , and subjecting those to 
a display process, for example. In the present embodi- 
ment, the communications terminal 3 accesses the net- 
work 2 using the Web browser 311 for data transmission/ 
reception to/from the server 1 . 

[0034] The application 31 2 is a program to be execut- 
ed in the communications terminal 3. Here, the storage 
device 31 also stores several other such programs. As- 
suming here that whatever applications stored in the 
storage device 31 require some data from the server 1 
for their start-up. For example, with a game application, 
received from the server 1 may be data including infor- 
mation about other users , game difficulty, or the like. 
With a scheduling application, received from the server 
1 may be data including the user's sch dule. 
[0035] The authentication program 31 3 is provided for 
authenticating the data coming from the server 1, spe- 
cifically, verifying the identity of the data, and the possi- 



bility of data tampering. It should be noted here that, 
stored in the storage d vice 31 is not limit d to the au- 
thentication program 313, and several other programs 
are also stored for data authentication. 
5 [0036] The application start-up program 31 4 is provid- 
ed for a process to be executed at the time of application 
start-up. The application information table 315 shows, 
on an application basis, what type of data Is to be read 
and what application mode is to be applied for appllca- 
io tion start-up. 

[0037] The CPU 32 executes the programs stor d in 
the storage device 31 while using the RAM 33 as a work- 
ing area. The input device 34 is composed of a key- 
board, for example, and inputs user's commands at the 
*5 time of application execution. The display device 35 is 
composed of a liquid crystal display, for example, and 
displays Web pages retrieved using the Web browser, 
the execution result of the application, and the like. The 
communications device 36 communicates with the serv- 
er 1 over the network 2. 

[0038] Described next is the operation of the commu- 
nications terminal 3 for application execution in the data 
authentication system of the present embodiment. In 
this embodiment, the CPU 32 of the communications 
terminal 3 executes the Web browser 311 to access the 
network 2 for data transmission/reception to/from the 
server 1 . Therefore, It is here assumed that the Web 
browser 311 is activated at the time of application exe- 
cution. To be specific, by the time of application execu- 
tion, the display device 35 will display a Web page re- 
ceived from the server 1 using the Web browser 311. 
Assuming below Is a case where the application 312 is 
to be executed, and for data authentication, the authen- 
tication program 313 is to be executed. 
[0039] FIG. 4 is a flowchart of an application start-up 
process in the communications terminal 3 shown in FIG. 
1 . The application start-up process is executed by the 
CPU 32 of the communications terminal 3 executing the 
application start-up program 314. First, the CPU 32 re- 
quests the server 1 for the start-up data, which is de- 
scribed in the foregoing (step S401). This data request 
is made through the input device 34, responding t the 
user's selecting anchor information on the Web page 
displayed as links. In other words, the CPU 32 goes 
through step S401 in response to user's operation as 
such. Here, the data request made in step S401 in- 
cludes a URL (Uniform Resource Locator) which Indi- 
cates the location of the start-up data. The anchor infor- 
mation is displayed on the Web page under an applica- 
tion name, and related to the start-up data for the appli- 
cation. 

[0040] The data request made in step S401 is for- 
warded by the communications device 36 to the server 
1 over the network 2. The data request thus received by 
th server 1 is transferred t the CPU 12 by th com- 
munications device 14. In response, the CPU 1 2 starts 
a process with respect to the data request. 
[0041] FIG. 5 is a flowchart of asequenc of process- 
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es executed by the CPU 12 of FIG. 2 responding to the 
data requ st. Here, this process is execut d by the CPU 
1 2 of the server 1 whichever executing the data request 
pr gram 11 3. Th CPU 12 first receives the data r qu st 
(st p S51) t and then determines which start-up data is 
to be forwarded to the communications terminal 3, from 
whicKthe data request came (step S52). As already de- 
scribed, the storage device 11 of the server 1 previously 
stores the start-up data on the application basis. In step 
S52, any corresponding start-up data is selected from 
among those stored In the storage device 11 based on 
the URL included in the data request. In the below, a 
specific example of the start-up data is described. 
[0042] FIG. 6 shows an example of the start-up data 
in the present embodiment. In FIG. 6, the start-up data 
112 includes application data 1121 , a signature of the 
application data 1122, authentication type data 1123, a 
signature of the authentication type data 1124, and a 
public key 1125. The application data 1121 is the one 
read into the application 312 at the time of its start-up. 
The application data 1121 being a game specifically in- 
cludes information about other users and game difficul- 
ty, for example. When being scheduling software, the 
application data 1121 may be user's schedule informa- 
tion. The signature of the application data 1121 proves 
that the application data 1121 forwarded from the server 
1 has not been tampered. Here, the signature of the ap- 
plication data 1122 is the one derived by calculating a 
hash value of the application data 1121 in the server 1. 
The signature of the application data 1121 is encrypted 
for transmission. 

[0043] The authentication type data 1 1 23 indicates an 
authentication mode for the application data 1121 . The 
application data 1121 is encrypted under the authenti- 
cation mode indicated by this authentication type data 
1 1 23. The signature of the authentication type data 1 1 24 
proves that the authentication type data 1 1 23 forwarded 
from the server 1 has not been tampered. Here, the sig- 
nature of the authentication type data 1124 is the one 
derived by calculating a hash value of the authentication 
type data in the server 1 . The signature of the authenti- 
cation type data 1124 is encrypted for transmission. 
[0044] Here, unlike the application data 1 1 21 to be au- 
thenticated under any mode depending on the authen- 
tication type data 1123, the authentication type data 
1123 has to be authenticated under one predetermined 
mode. Herein, the authentication type data 1123 is pre- 
sumably authenticated under a public key cryptosys- 
tem. This is the reason why the start-up data 1 1 2 herein 
is provided with the public key 1125, for decryption. 
[0045] Referring back to FIG. 5, after step S52 is 
through, the CPU 12 reads the start-up data 112 stored 
in the storage device 11 for transmission to the commu- 
nications terminal 3 (step S53). Specifically, the CPU 12 
transfers the start-up data 112 to the communications 
device 14, and the communications devic 14 respon- 
sively forwards the start-up data 1 1 2 to the communica- 
tions terminal 3 over the network 2. 



[0046] Referring back to FIG. 4, the start-up data 1 1 2 
thus forwarded from the server 1 is received by the com- 
munications device 36 of the communications terminal 
3, and th r from, the start-up data 1 1 2 goes to the CPU 

s 32 (step S402). To be specific, the CPU 32 analyzes the 
start-up data 112 after writing it onto the RAM 33 (step 
S403). In step S403, the CPU 32 determines which part 
of the start-up data 112 corresponds to what data, I.e., 
the application data 1121 to the public key 1125. The 

w CPU 32 also defines the application data 1121 by file 
type. 

[0047] Then, based on the analysis result of step 
S403, the CPU 32 determines whether the start-up data 
112 includes the authentication type data 1123 (step 
is S404). If determined No, the procedure goes to step 
S407. If Yes, the procedure goes to step S405, and the 
CPU 32 authenticates the authentication type data 
1123. 

[0048] FIG. 7 is a detailed flowchart of subroutine step 
20 S405 of FIG. 4. In the data authentication process of 
FIG. 7, the CPU 32 executes any one predetermined 
authentication program among those stored in the stor- 
age device 31 . The CPU 32 first calculates a hash valu 
of the authentication type data 1 1 23 (step S4051). Here, 
25 a hash function used for the purpose is the same as that 
used for deriving the signature of the authentication type 
data 1123 in the server 1. The CPU 32 then decrypts 
the signature of the authentication data 1124 (step 
S4052). 

30 [0049] The CPU 32 then compares thus decrypted 
signature as being a hash value with the hash value cal- 
culated in step S4051 (step S4053). Through compari- 
son as such, determined in step S4054 is the possibility 
of the authentication type data 1123 having been tarn- 

35 pered, that is, whether the authentication type data 1 1 23 
received by the communications terminal 3 is the same 
as the authentication type data forwarded from the serv- 
er 1. 

[0050] If the hash value and the signature ar deter- 
40 mined as being the same in step S4054, the data au- 
thentication is regarded as a success (step S4055), and 
as a failure If not the same (step S4056). 
[0051 ] After going through step S405 as such , the pro- 
cedure goes to step S406 of FIG. 4. If the data authen- 
45 tication is determined as a failure in step S406, the pro- 
cedure goes to step S41 0. If determined as a success, 
the CPU 32 authenticates the application data (step 
S407). 

[0052] FIG. 8 is a detailed flowchart of subroutine step 
so S407 of FIG. 4. The CPU 32 first determines in what 
mode the application data is to be authenticated (step 
S4071). If the authentication type data is determined as 
being included in step S404, the authentication mode 
indicated thereby is used. If not included, the application 
ss information table 315 stored in the storage device 31 is 
referred to for the purpose. 

[0053] FIG. 9 shows an example of the application in- 
formation table 315 of FIG. 3. As shown In FIG. 9, the 
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application Information table 31 5 shows the correspond- 
ence among an application name, a file type of applica- 
tion data, and an authentication mode. After a file type 
is defined for the application data in step S403, th cor- 
responding application and authentication mode can be 5 
determined by simply referring to the application infor- 
mation table 315. For example, if the file type of the ap- 
plication data is defined as "C", the application to be 
started up is "Al", and the authentication mode is DES 
encryption. io 
[0054] After step S4071 is through as such, the pro- 
cedure goes to step S4072 onward to S4077. Depend- 
ing on what authentication mode is determined in step 
S4071 , the authentication program to be executed by 
the CPU 32 in these steps may vary among those stored *s 
In the storage device 31 . 

[0055] Referring back to FIG. 8, the CPU 32 calcu- 
lates a hash value of the application data 1121 (step 

54072) . Here, a hash function used for the purpose is 
the same one used for deriving the signature of the ap- 20 
plication data 1121 in the server : 1. Then, the CPU 32 
decrypts the signature of the application data 1 1 22 (step 

54073) . In step S4073, since having been encrypted un- 
der public key cryptosystem, the signature of the appli- 
cation data 1 1 22 is decrypted using the public key 1 1 25. 25 
The CPU 32 then compares thus decrypted signature 
with the hash value calculated in step S4072 (step 

54074) , and determines whether those are the same or 
not (step S4075). If determined as being the same, the 
CPU 32 regards the data authentication as a success 30 
(step S4076), and as a failure if not the same(step 
S4077). 

[0056] After going through step S407 as such, the pro- 
cedure goes to step S408 of FIG. 4. If the data authen- 
tication is determined as a success in step S408, the 35 
procedure goes to step S409 to start up the application. 
Here, in step S409, the CPU 32 may change the con- 
tents of the application information table 315 based on 
the authentication type data 1 1 23. if this is the case, the 
authentication mode for the next start-up data will be 40 
changed, if determined as a failure, on the other hand, 
the CPU 32 discards the start-up data (step S410). 
Through such processes , the application start-up proc- 
ess is completed. 

[0057] I n the present embodiment, the appiicatio n da- *s 
ta included in the start-up data and the authentication 
type data are authenticated separately. This is not re- 
strictive, and if the start-up data includes the authenti- 
cation type data, the next start-up data may be changed 
in authentication mode. In the below, a modified version so 
of the application start-up process will be described. 
[0058] FIG. 1 0 is a flowchart of a modified version of 
the application start-up process of FIG. 4. Here, steps 
S601 to S603 are the same as steps S401 to S403 of 
FIG. 4, and thus n t described again. In FIG. 10, after ss 
step S603, the CPU 32 performs data authentication 
(step S604). Here, in this modified exampl , the start- 
up data is subjected to data authentication in its entirety 



under the authentication mode determined based on the 
application information table 315. That is, the authenti- 
cation mode used in step S604 has no relevance to the 
mode indicat d by the authentication type data included 
in the start-up data. 

[0059] The CPU 32 then determines whether data au- 
thentication in step S405 has worked out (step S605). 
If worked out, the CPU 32 starts up the application (step 
S606). Then, the CPU 32 updates the application infor- 
mation table (step S607). Specifically, therein, the au- 
thentication mode is updated into the one indicated by 
the authentication type data in the start-up data. More 
specifically, updated is the authentication mode corre- 
sponding to the application started up in step S606. If 
data authentication did not work out in step S605, th 
CPU 32 discards the start-up data ( step S608). After 
such a sequence of processes, the application start-up 
process is through. Note that, in the processes shown 
in FIG. 10, the authentication mode will be changed by 
the time when the next start-up data comes. 
[0060] The start-up data 112 is not limited in format, 
and may be described using hypertext, XML ( Xtensible 
Markup Language), or SGML (Standard Generalized 
markup Language), or simply In a table format. 
[0061] In the present embodiment, although the au- 
thentication mode is exemplified by a public key crypto- 
system, any other cryptosystem will do, including DES 
(Data Encryption Standard), for example. Also, any au- 
thentication mode will do as long as data is authenticat- 
ed thereby, including signature, digital watermarking, 
certificate, for example. Here, data is authenticat d to 
be verified its Identity, or the possibility of data tamper- 
ing, for example. 

[0062] In the present embodiment, the communica- 
tions terminal 3 installs the application from the server 
1 . Described below is the operation of the communica- 
tions terminal 3 for such application installment. 
[0063] FIG. 11 is a flowchart showing an application 
installment process in the communications terminal 3. 
Here, presumably, the Web browser 311 is activated pri- 
or to the process. That is, by the time of application ex- 
ecution, the display device 35 will display a Web pag 
received from the server 1 using the Web browser 31 1 . 
[0064] First, the CPU 32 of the communications ter- 
minal 3 requests the server 1 to forward the install data 
111 (step S701). This data request Is made through the 
input device 34, responding to the user's selecting an- 
chor information on the Web page displayed as links. In 
other words, the CPU 32 goes through step S701 in re- 
sponse to user's operation as such. Here, the data re- 
quest in step S701 includes a URL which indicates the 
location of the application program stored in the server 
1 . The anchor information is assumed to be display d 
on the Web page under an application name. 
[0065] Th data request made in step S701 Is re- 
ceived by the server 1 through th network 2. The com- 
munications devic 14 of the server 1 transfers th re- 
cerv d data requ st to the CPU 12. In response, the 
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CPU 1 2 determines what install data is to be forwarded 
based on the URL included in the data request, tn this 
example, the install data 111 will be forwarded. 
[0066] FIG. 12 shows an xampl of th install data 
111 of FIG. 1. In FIG. 12, the install data 111 includes 
an application program 1111, authentication type data 
1112,vand file type data 1113. The application program 

1111 Is the one to be installed in the communications 
terminal 3. The authentication type data 1112 indicates 
in what mode the authentication is supposed to be done 
for starting up the application program 1111. Thef lie type 
data 1113 indicates the file type of the application data 
to be read for starting up the application program 1111 . 
In the present embodiment, the contents of the install 
data 111 are determined by referring to a table previous- 
ly stored in the storage device 11 of the server 1 . Here, 
presumably, the table shows the correspondence 
among an application program, authentication type da- 
ta, and file type data. Here, the install data 111 may be 
generated by executing any dedicated program. The 
program Is the one to go through a process of generating 
the install data by providing the application program with 
its corresponding authentication type data and file type 
data. 

[0067] TheCPU 12 then reads thus determined install 
data 111 from the storage device 11 , and transfers it to 
the communications device 14. Thus transferred install 
data 111 is then sent out to the network 2. 
[0068] The install data 111 is then received by the 
communications device 36 of the communications ter- 
minal 3 over the network 2. The CPU 32 analyzes the 
install data 111 afterthe communications device 36 writ- 
ing it onto the RAM 33 (step S702). The CPU 32 deter- 
mines which part of the install data 111 corresponds to 
what data, i.e., the application program 1111, the au- 
thentication type data 1112, and the file type data 1113. 
[0069] Then, the CPU 32 stores the application pro- 
gram 1111 included in the install data 111 into the stor- 
age device 31 (step S703). The authentication type data 

1112 and the file type data 1 1 1 3 are stored into the ap- 
plication information table 315 (step S704). Through 
such operation, the application program 11 1 1 is installed 
into the communications terminal 3. 

[0070] Here, similarly to the start-up data, it is also 
pr ferable to perform data authentication to the install 
data coming from the server to the communications ter- 
minal. The authentication mode therefor may be unal- 
terably predetermined as the one for the authentication 
type data in step S405 of FIG. 4, or changeable as the 
one for the start-up data in step S604 of FIG. 10. 
[0071] As such, also at the time of application install- 
ment, the application and the data authentication pro- 
gram can be processed separately. Accordingly, prior to 
installment to the terminal, the data authentication proc- 
ess corresponding to the application can be easily 
changed in mode on the server side. 
[0072] Not that, the install data 111 is presumed to 
be in a single til , but the application program 1111, the 



authentication type data 1112, and the file type data 
1113 may be filed separately for the application install- 
ment process. 

[0073] For application installment, the c mmunica- 
5 tions terminal 3 may download any corr sponding ap- 
plications from the server, or use recording media such 
as CD-ROMs for the purpose. 

[0074] The present invention can be realized by pro- 
grams, and easily embodied in any other indep ndent 
10 computer systems with recording media having such 
programs recorded thereon. 

[0075] While the invention has been described in de- 
tail, the foregoing description is in all aspects illustrative 
and not restrictive. It is understood that numerous other 
15 modifications and variations can be devised without de- 
parting from the scope of the invention. 



Claims 

20 

1 . A communications terminal for transmitting/receiv- 
ing data to/from a server over a network, compris- 
ing: 



25 a data request section (S401 ) for making a data 

request for said server to forward start-up data 
which includes application data relating to start- 
up of an application, and authentication type 
data indicating an authentication mode for au- 

30 thenticating the application data; 

a data reception section (S402) for receiving 
said start-up data coming from said server In 
response to said data request; 
a first authentication section (S405) for authen- 

35 ticating said authentication type data received 

by said data reception section under a prede- 
termined authentication mode; 
a second authentication section (S407) for au- 
thenticating, corresponding to said first authen- 

40 tication section succeeding in authentication, 

said application data received by said data re- 
ception section under an authentication mod 
indicated by the authentication type data which 
has been done with authentication; and 

*s an application start-up section (S409) for read- 

ing, corresponding to said second authentica- 
tion section succeeding in authentication, said 
application data which has been done with au- 
thentication, and starting up said application. 

50 

2. The communications terminal according to claim 1 , 
further comprising an application information stor- 
age section (31) for storing application information 
which indicates a correspondence between the ap- 
55 plication and the authentication mode used for au- 
thenticating said application data relating to the ap- 
plication, wherein 

when said start-up data has none of said au- 
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th ntication type data, said second authentication 
section det rmines the auth ntication mode based 
on said application information. 

3. The communications terminal according to claim 1 , s 
wherein by designating said application data stored 

in said server using a Web browser, said data re- 
quest section makes the data request tor the appli- 
cation data. 

10 

4. A communications terminal for transmitting/receiv- 
ing data to/from a server over a network, compris- 
ing: 

a data request section (S601) for making a data is 
request for said server to forward start-up data 
which at least includes application data relating 
to execution of an application; 
a data reception section (S602) for receiving 
said start-up data coming from said server in 20 
response to said data request; 
an application information storage section (31) 
for storing application information which indi- 
cates a correspondence between the applica- 
tion and an authentication mode used for au- 25 
thenticating said application data relating to the 
application; 

an authentication section (S604) for authenti- 
cating said start-up data received by said data 
reception section under an authentication 30 
mode indicated by said application information; 
an application start-up section (S606) for read- 
ing, corresponding to said authentication sec- 
tion succeeding in authentication, the applica- 
tion data which has been done with authentica- & 
tion, and starting up said application; and 
under a condition that said start-up data in- 
cludes both said application data and authenti- 
cation type data which indicates an authentica- 
tion mode used for authenticating the applica- *o 
tion data, an application information update 
section (S607) for updating, corresponding to 
said authentication section succeeding in au- 
thentication, the authentication mode in said 
application information stored in said applica- *5 
tion information storage section into the au- 
thentication mode indicated by the authentica- 
tion type data which has been done with au- 
thentication. 

so 

5. A network system including a server and a commu- 
nications terminal for data transmission/reception 
therebetween over a network, wherein 

said server comprises: 

55 

a start-up data storag section (11) for storing 
start-up data which includes application data 
relating to execution of an application, and au- 



thentication type data indicating an authentica- 
tion mod used for auth nticating th applica- 
tion data; and 

a data transmission section (S53) for forward- 
ing the start-up data stored in said start-up data 
storage section in response to a data request 
for said start-up data coming from said commu- 
nications terminal, and 

said communications terminal comprises: 

a data request section (S401) for making the 
data request for said start-up data; 
a data reception section (S402) for receiving 
the start-up data coming from said server in re- 
sponse to said data request; 
a first authentication section (S405) for authen- 
ticating said authentication type data received 
by said data reception section under a prede- 
termined authentication mode; 
a second authentication section (S407) for au- 
thenticating, corresponding to said first authen- 
tication section succeeding in authentication, 
said application data received by said data re- 
ception section under the authentication mode 
indicated by the authentication type data which 
has been done with authentication; and 
an application start-up section (S409) for read- 
ing, corresponding to said second authentica- 
tion section succeeding in authentication, the 
application data which has been done with au- 
thentication, and starting up said application. 

6. A network system including a server and a commu- 
nications terminal for data transmission/reception 
therebetween over a network, wherein 
said server comprises: 

a start-up data storage section (11) for storing 
start-up data which at least includes application 
data relating to execution of an application; and 
a data transmission section (S53) for forward- 
ing the start-up data stored in said start-up data 
storage section in response to a data request 
for said start-up data coming from said commu- 
nications terminal, and 

said communications terminal comprises: 

a data request section (S601) for making the 
data request for said start-up data; 
a data reception section (S602) for receiving 
the start-up data coming from said server in re- 
sponse to said data request; 
an application information storage section (33) 
for storing application information which indi- 
cates a correspondence between the applica- 
tion and an authentication mode used for au- 
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thenticating said application data relating to the 
application, 

an authentication section (S604) for authenti- 
cating said start-up data received by said data 
reception s ction under the authentication 5 
mode indicated by said application information; 
an application start-up section (S606) for read- 
ing, corresponding to said authentication sec- 
tion succeeding in authentication, said applica- 
tion data which has been done with authentica- io 
tion, and starting up said application; and 
under a condition that said start-up data in- 
cludes both said application data and authenti- 
cation type data which indicates an authentica- 
tion mode used for authenticating the applica- *5 
tion data, an application information update 
section (S607) for updating, corresponding to 
said authentication section succeeding in au- 
thentication, the authentication mode in said 
application information stored in said applica- 20 
tion information storage section into the au- 
thentication mode indicated by the authentica- 
tion type data which has been done with au- 
thentication. 

25 

A program which is computer executable in a com- 
munications terminal for transmitting/receiving data 
to/from a server over a network, said program com- 
prising: 

30 

a data request step (S401) of making a data 
request for said server to forward start-up data 
which includes application data relating to start- 
up of an application, and authentication type 
data indicating an authentication mode for au- 35 
thenticating the application data; 
a data reception step (S402) of receiving said 
start-up data coming from said server in re- 
sponse to said data request; 
a first auth entication step (S405) of authenticat- *o 
ing said authentication type data received in 
said data reception step under a predetermined 
authentication mode; 

a second authentication step (S407) of authen- 
ticating, corresponding to said first authentica- *s 
tion step succeeding in authentication, said ap- 
plication data received in said data reception 
step under an authentication mode Indicated by 
the authentication type data which has been 
done with authentication; and 50 
an application start-up step (S409) of reading, 
corresponding to said second authentication 
step succeeding in authentication, said appli- 
cation data which has been done with authen- 
tication, and starting up said application. 55 

A program which is computer executable in a com- 
munications terminal for transmitting/receiving data 



to/from a server over a network, 

said communications terminal previously in- 
cludes application information which indicates a 
correspondence between an application and an au- 
thentication mod used for authenticating applica- 
tion data relating to the application, 

said program comprising: 

a data request step (S601) of making a data 
request for said server to forward start-up data 
which at least includes the application data re- 
lating to execution of the application; 
a data reception step (S602) of receiving said 
start-up data coming from said server in re- 
sponse to said data request; 
an authentication step (S604) of authenticating 
said start-up data received in said data recep- 
tion step under the authentication mode indi- 
cated by said application information; 
an application start-up step (S606) for reading, 
corresponding to said authentication step suc- 
ceeding in authentication, the application data 
which has been done with authentication, and 
starting up said application; and 
under a condition that said start-up data in- 
cludes both said application data and authenti- 
cation type data which indicates an authentica- 
tion mode used for authenticating the applica- 
tion data, an application information update 
step (S607) of updating, corresponding to said 
authentication step succeeding in authentica- 
tion, the authentication mode in said applica- 
tion information which has been previously in- 
cluded into the authentication mode indicated 
by the authentication type data which has been 
done with authentication. 

9. A data authentication method used in a communi- 
cations terminal for transmitting/receiving data to/ 
from a server over a network, comprising: 

a data request step (S401) of making a data 
request for said server to forward start-up data 
which includes application data relating to start- 
up of an application, and authentication typ 
data indicating an authentication mode for au- 
thenticating the application data; 
a data reception step (S402) of receiving said 
start-up data coming from said server in re- 
sponse to said data request; 
a first authentication step (S405) of authenticat- 
ing said authentication type data received in 
said data reception step under a predetermined 
authentication mode; 

a second authentication step (S407) of authen- 
ticating, corresponding to said first authentica- 
tion step succeeding in authentication, said ap- 
plication data received in said data reception 
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st p under an authentication mode indicated by 
the authentication typ data which has been 
done with authentication; and 
an application start-up step (S409) of reading, 
corresponding to said second authentication 5 
step succeeding in authentication, said appli- 
* cation data which has been done with authen- 
tication, and starting up said application. 

10. A data authentication method used in a communi- n> 
cations terminal for transmitting/receiving data to/ 
from a server over a network, 

said communications terminal previously in- 
cludes application information which indicates a 
correspondence between an application and an au- 
thentication mode used for authenticating applica- 
tion data relating to the application, 

said method comprising: 

a data request step (S601) of making a data 20 
request for said server to forward start-up data 
which at least includes the application data re- 
lating to execution of the application; 
a data reception step (S602) of receiving said 
start-up data coming from said server in re- 25 
sponse to said data request; 
an authentication step (S604) of authenticating 
said start-up data received in said data recep- 
tion step under the authentication mode indi- 
cated by said application information; zo 
an application start-up step (S606) for reading, 
corresponding to said authentication step suc- 
ceeding in authentication, the application data 
which has been done with authentication, and 
starting up said application; and 35 
under a condition that said start-up data in- 
cludes both said application data and authenti- 
cation type data which indicates an authentica- 
tion mode used for authenticating the applica- 
tion data, an application information update *o 
step (S607) of updating, corresponding to said 
authentication step succeeding in authentica- 
tion, the authentication mode in said applica- 
tion information which has been previously in- 
cluded into the authentication mode indicated 4s 
by the authentication type data which has been 
done with authentication. 
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